Solved

Win32/Exploit.MSWord.Smtag trojan

Posted on 2008-06-25
Last Modified: 2013-11-22
A large MS Word (Office 2003, SP 3) document that I work on regularly appears to have been infected with a trojan this morning.  I'm running ESET / NOD32 (v3217 (20080625)).  This was the NOD32 warning:

Time      Module      Object      Name      Threat      Action      User      Information
6/25/2008 9:48:59 AM      AMON      file      <full path> a variant of Win32/Exploit.MSWord.Smtag trojan <machine name>\jdana      Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

NOD32 was unable to clean the file.  The error message simply reads, "Unable to clean."

Here's the interesting twist: The file was reported infected after the 3217 update.  The 3218 update arrived minutes ago, and suddenly NOD32 reports the file is clean.  Was I looking at a "false positive" from NOD32?   Is there an online tool I can use to verify the file is, in fact, clean?
Question by:jdana
4 Comments

Accepted Solution

by:
IndiGenus earned 168 total points
ID: 21867554
Yes, sounds like it was a false positive. To make sure, you could upload the file to one of the online scanners. It will be scanned by almost every engine out there....

Go to http://virusscan.jotti.org, click on Browse, and upload the file for analysis.

If Jotti is too busy, you can try these:

http://www.kaspersky.com/scanforvirus.html
http://www.virustotal.com/en/indexf.html

Assisted Solution

by:vbuckjr
vbuckjr earned 166 total points
ID: 21868126
This is a false positive. They had a bad signature file go out in 3217 and have corrected it with the 3218 update. You can follow this link to a discussion of this problem:

http://www.wilderssecurity.com/showthread.php?p=1268309

Assisted Solution

by:Bene007
Bene007 earned 166 total points
ID: 21875092
The proposal is quite correct.
I installed version 3218 on the 25th of June (now it is still 3221!) and I get no more false positives!
But I have to tell you that on the 25th of June the scan and clean option deleted some old Word files!
The option in the action tab doesn't explain that.
Benedicte

Author Closing Comment

by:jdana
ID: 31470655
Sure enough, the "shadow" trojan vanished with the update.  Thanks for the assistance.